trumee
June 22, 2025, 11:25pm
1
Hello,
I have set up dnsmasq to provide DHCP addresses on two interfaces. This is working fine. However, dnsmasq also modifies my /etc/resolv.conf, which I don't want. I don't want dnsmasq to touch that file at all. How do I do that?
Here is my config,
# dnsmasq acting as DHCP server for two bridge interfaces.
# NOTE(review): services.dnsmasq.resolveLocalQueries is not set in this snippet;
# later in this thread, setting it to false is what stops 127.0.0.1 from being
# written to /etc/resolv.conf.
services.dnsmasq.enable = true;
services.dnsmasq.settings = {
# Serve only on these two bridges.
interface=["vlan80br" "vlan90br"];
# Loopback is excluded, so a "nameserver 127.0.0.1" entry would presumably
# have no dnsmasq listener behind it on this host.
except-interface="lo";
# Bind to the listed interfaces instead of the wildcard address.
bind-interfaces= true;
# One pool per bridge: three addresses each, 12 hour leases.
dhcp-range=["192.168.11.3,192.168.11.5,12h" "192.168.12.3,192.168.12.5,12h"];
};
This generates the file,
# cat /nix/store/0k8hbnk69cyxy4np6iax3cxxwpb8wvpp-dnsmasq.conf
bind-interfaces
conf-file=/etc/dnsmasq-conf.conf
dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases
dhcp-range=192.168.11.3,192.168.11.5,12h
dhcp-range=192.168.12.3,192.168.12.5,12h
except-interface=lo
interface=vlan80br
interface=vlan90br
resolv-file=/etc/dnsmasq-resolv.conf
The file doesn't reference /etc/resolv.conf; nonetheless, I see that /etc/resolv.conf gets set to 127.0.0.1, while I want it to point to 172.17.1.1.
I have set the networking as follows,
# Static resolver setup: the DHCP client is off and DNS is pinned to one server.
networking = {
dhcpcd.enable = false;
useDHCP = false;
useHostResolvConf = false;
# The only resolver the host is meant to use; every lookup depends on it.
nameservers = [ "172.17.1.1" ];
search = ["localdomain"];
};
# NOTE(review): systemd-resolved is switched off here, so the remaining options
# in this set presumably have no effect. No DNSSEC validation or DNS-over-TLS
# is active; lookups go unencrypted to the server listed in networking.nameservers.
services.resolved = {
enable = false;
dnssec = "true";
domains = [ "localdomain" ];
fallbackDns = [ "172.17.1.1" "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
dnsovertls = "true";
};
What change do I need to make so that /etc/resolv.conf always points to 172.17.1.1?
Set networking.resolvconf.useLocalResolver = false.
trumee
June 23, 2025, 11:10am
3
Thanks. I added that to the configuration:
# Same static resolver setup, now with the suggested resolvconf option added.
networking = {
dhcpcd.enable = false;
useDHCP = false;
useHostResolvConf = false;
nameservers = [ "172.17.1.1" ];
search = ["lan"];
# On its own this did not help: after the rebuild /etc/resolv.conf still
# listed "nameserver 127.0.0.1" (see the output that follows).
resolvconf.useLocalResolver = false;
};
Unfortunately, after the rebuild it still changed the resolv.conf to
$ cat /etc/resolv.conf
# Generated by resolvconf
search lan
nameserver 127.0.0.1
options edns0
It looks like that entry is generated at runtime by something calling resolvconf. Try running tail /run/resolvconf/interfaces/* to confirm.
trumee
June 23, 2025, 9:03pm
5
I get this
tail /run/resolvconf/interfaces/*
search lan
nameserver 172.17.1.1
nameserver 127.0.0.1
Uhm, so there’s a single file: /run/resolvconf/interfaces/static?
trumee
June 23, 2025, 9:35pm
7
Yes a single file. Should there be anything else?
Why does it have 127.0.0.1 address?
trumee
June 23, 2025, 10:14pm
8
I ended up hardcoding like this,
# Workaround: keep the earlier settings and additionally write /etc/resolv.conf
# as a fixed file.
networking = {
dhcpcd.enable = false;
useDHCP = false;
useHostResolvConf = false;
nameservers = [ "172.17.1.1" ];
search = ["lan"];
resolvconf.useLocalResolver = false;
};
services.dnsmasq.enable = true;
services.dnsmasq.settings = {
interface=["vlan80br" "vlan90br"];
except-interface="lo";
bind-interfaces= true;
dhcp-range=["192.168.11.3,192.168.11.5,12h" "192.168.12.3,192.168.12.5,12h"];
# NOTE(review): the closing "};" of services.dnsmasq.settings appears to be
# missing from this paste; the full file posted later in the thread has
# environment.etc as a separate top-level option.
environment.etc = {
# Static file: nothing updates it at runtime, so every lookup depends on
# 172.17.1.1 and any resolver change needs a rebuild.
"resolv.conf".text = "search lan\nnameserver 172.17.1.1\n";
};
This removed resolvconf itself during nixos switch,
removing group ‘resolvconf’
setting up /etc...
If the entry is in static, there must be some other NixOS module that’s setting it. I’ve built a VM with your configuration:
# Minimal reproduction used to build a test VM from the posted settings.
{
# NOTE(review): plain-text root password, acceptable only for a throwaway
# test VM. A value set through `password` is also readable in the Nix store;
# real systems should use a hashed password kept outside the configuration.
users.users.root.password = "root";
networking = {
dhcpcd.enable = false;
useDHCP = false;
useHostResolvConf = false;
nameservers = [ "172.17.1.1" ];
search = ["localdomain"];
};
# resolved stays disabled, as in the original post, so the options below
# presumably have no effect.
services.resolved = {
enable = false;
dnssec = "true";
domains = [ "localdomain" ];
fallbackDns = [ "172.17.1.1" "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
dnsovertls = "true";
};
}
and I don’t get the 127.0.0.1 entry. So it’s something else that you did not post.
trumee
June 23, 2025, 10:27pm
10
Here is the full file,
$ cat networking.nix
{ config, pkgs, ... }:
{
# REGION Networking
# Static resolver setup: the DHCP client is off and DNS is pinned to 172.17.1.1.
networking = {
dhcpcd.enable = false;
useDHCP = false;
useHostResolvConf = false;
nameservers = [ "172.17.1.1" ];
search = ["lan"];
# Did not remove the 127.0.0.1 entry by itself, according to the earlier posts.
resolvconf.useLocalResolver = false;
};
# Hard-coded /etc/resolv.conf (the workaround from the previous post).
# The file is static, so a resolver change needs a rebuild; once the real
# cause is fixed this override is presumably no longer needed.
environment.etc = {
"resolv.conf".text = "search lan\nnameserver 172.17.1.1\n";
};
# NOTE(review): resolved is disabled, so the DNSSEC, DNS-over-TLS and fallback
# settings below presumably do nothing; name resolution on this host is
# unvalidated and unencrypted towards 172.17.1.1.
services.resolved = {
enable = false;
dnssec = "true";
#domains = [ "~." ];
domains = [ "localdomain" ];
fallbackDns = [ "172.17.1.1" "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
dnsovertls = "true";
};
# Host firewall, using the nftables backend.
networking.firewall.enable = true;
networking.nftables.enable = true;
# NOTE(review): with flushRuleset off, rules loaded by anything other than this
# configuration presumably survive a reload, so the live ruleset can differ
# from what is declared here; compare against `nft list ruleset`.
networking.nftables.flushRuleset = false;
# Traffic arriving on a trusted interface is accepted without filtering.
# NOTE(review): the list includes vlan30br, vlan40br and vlan50br, which the
# networks section of this file labels GUEST, NOINTERNET and DMZ. Every service
# listening on this host is therefore reachable from those segments. Confirm
# that is intended; otherwise trust only the bridges that need it and open
# single ports with networking.firewall.interfaces.<name>.allowedUDPPorts /
# allowedTCPPorts (e.g. DHCP on vlan80br and vlan90br).
networking.firewall.trustedInterfaces = [
"vlan20br"
"vlan30br"
"vlan40br"
"vlan50br"
"vlan80br"
"vlan90br"
];
# "loose" only requires the source address to be routable via some interface,
# which is weaker spoofing protection than the strict mode. Drops are logged.
networking.firewall.checkReversePath = "loose";
networking.firewall.logReversePathDrops = true;
# systemd-networkd layout: two NICs bonded into bond0, tagged VLANs on the
# bond, and one bridge per VLAN that carries the host's address.
systemd.network = {
enable=true;
netdevs = {
# LACP bond; the hash policy spreads flows by IP address and port.
"10-bond0" = {
netdevConfig = {
Kind = "bond";
Name = "bond0";
};
bondConfig = {
Mode = "802.3ad";
TransmitHashPolicy = "layer3+4";
};
};
# Create the VLAN interfaces (IDs 20, 30, 40, 50, 80, 90)
"1-vlan20" = {
netdevConfig = {
Kind = "vlan";
Name = "vlan20";
};
vlanConfig.Id = 20;
};
"1-vlan30" = {
netdevConfig = {
Kind = "vlan";
Name = "vlan30";
};
vlanConfig.Id = 30;
};
"1-vlan40" = {
netdevConfig = {
Kind = "vlan";
Name = "vlan40";
};
vlanConfig.Id = 40;
};
"1-vlan50" = {
netdevConfig = {
Kind = "vlan";
Name = "vlan50";
};
vlanConfig.Id = 50;
};
"1-vlan80" = {
netdevConfig = {
Kind = "vlan";
Name = "vlan80";
};
vlanConfig.Id = 80;
};
"1-vlan90" = {
netdevConfig = {
Kind = "vlan";
Name = "vlan90";
};
vlanConfig.Id = 90;
};
# Create the bridge interfaces
"vlan20br" = {
netdevConfig = {
Kind = "bridge";
Name = "vlan20br";
};
};
"vlan30br" = {
netdevConfig = {
Kind = "bridge";
Name = "vlan30br";
};
};
"vlan40br" = {
netdevConfig = {
Kind = "bridge";
Name = "vlan40br";
};
};
"vlan50br" = {
netdevConfig = {
Kind = "bridge";
Name = "vlan50br";
};
};
"vlan80br" = {
netdevConfig = {
Kind = "bridge";
Name = "vlan80br";
};
};
"vlan90br" = {
netdevConfig = {
Kind = "bridge";
Name = "vlan90br";
};
};
};
networks = {
# Enslave both physical NICs to the bond.
"10-ens3f0" = {
matchConfig.Name = "ens3f0";
networkConfig.Bond = "bond0";
};
"10-ens3f1" = {
matchConfig.Name = "ens3f1";
networkConfig.Bond = "bond0";
};
"10-bond0" = {
matchConfig.Name = "bond0";
# Tagged VLANs carried on this link.
# NOTE(review): "vlan10" is listed here, but netdevs above defines no
# vlan10 device; confirm whether it is defined elsewhere or is a leftover.
vlan = [
"vlan10"
"vlan20"
"vlan30"
"vlan40"
"vlan50"
"vlan80"
"vlan90"
];
# The bond itself carries no address, only the tagged VLANs.
networkConfig.LinkLocalAddressing = "no";
linkConfig.RequiredForOnline = "carrier";
};
# Connect the bridge ports to the bridge
# NOTE(review): the key "vlan2" looks like a typo for "vlan20"; matching is
# done by matchConfig.Name, so it is presumably harmless.
"vlan2" = {
matchConfig.Name = "vlan20";
networkConfig.Bridge = "vlan20br";
};
"vlan30" = {
matchConfig.Name = "vlan30";
networkConfig.Bridge = "vlan30br";
};
"vlan40" = {
matchConfig.Name = "vlan40";
networkConfig.Bridge = "vlan40br";
};
"vlan50" = {
matchConfig.Name = "vlan50";
networkConfig.Bridge = "vlan50br";
};
"vlan80" = {
matchConfig.Name = "vlan80";
networkConfig.Bridge = "vlan80br";
};
"vlan90" = {
matchConfig.Name = "vlan90";
networkConfig.Bridge = "vlan90br";
};
# Assign the host's addresses (and routes) to the bridge interfaces
# NOTE(review): the host is addressable on every segment below, including
# the ones labelled GUEST, NOINTERNET and DMZ, and all of these bridges are
# listed in networking.firewall.trustedInterfaces in this file. Whether the
# host also forwards between segments is not visible here.
"2-vlan20br" = {
matchConfig.Name = "vlan20br";
address = [
"172.17.1.137/24"
];
# Default route; 172.17.1.1 is also the configured nameserver.
routes = [
{ Gateway = "172.17.1.1"; }
];
# make the routes on this interface a dependency for network-online.target
linkConfig.RequiredForOnline = "routable";
};
#GUEST
"2-vlan30br" = {
matchConfig.Name = "vlan30br";
address = [
"192.168.30.29/24"
];
};
#NOINTERNET
"2-vlan40br" = {
matchConfig.Name = "vlan40br";
address = [
"192.168.40.52/24"
];
};
#DMZ
"2-vlan50br" = {
matchConfig.Name = "vlan50br";
address = [
"192.168.50.30/24"
];
};
# The two bridges dnsmasq serves DHCP on; each also gets a host route for
# one multicast address.
"2-vlan80br" = {
matchConfig.Name = "vlan80br";
address = [
"192.168.11.1/24"
];
routes = [
{ Destination = "239.255.42.42/32"; }
];
};
"2-vlan90br" = {
matchConfig.Name = "vlan90br";
address = [
"192.168.12.1/24"
];
routes = [
{ Destination = "239.255.42.43/32"; }
];
};
};
};
# dnsmasq as DHCP server on vlan80br and vlan90br.
# NOTE(review): services.dnsmasq.resolveLocalQueries is absent from this file;
# the reply that follows identifies it as the source of the 127.0.0.1 entry
# and sets it to false.
services.dnsmasq.enable = true;
services.dnsmasq.settings = {
interface=["vlan80br" "vlan90br"];
# dnsmasq does not serve on loopback, so pointing the host's resolver at
# 127.0.0.1 would presumably leave it without a working nameserver.
except-interface="lo";
bind-interfaces= true;
# Three addresses per bridge, 12 hour leases.
dhcp-range=["192.168.11.3,192.168.11.5,12h" "192.168.12.3,192.168.12.5,12h"];
};
# Unit ordering: start dnsmasq only after the network is reported online
# (presumably so the bridges it binds to already exist) and before incus.
systemd.services.dnsmasq.requires = ["network-online.target"];
systemd.services.dnsmasq.after = ["network-online.target"];
systemd.services.dnsmasq.before = ["incus.service"];
# ENDREGION
}
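Ok, it took me a while, but I found it. Set
services.dnsmasq.resolveLocalQueries = false;
While that option is enabled, the dnsmasq module itself adds 127.0.0.1 to the nameserver list so that the host resolves through the local dnsmasq.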
trumee
June 24, 2025, 11:03am
12
This was it. Thank you very much!